With first-quarter shipments exceeding Macs in the United States, Chromebooks are very popular. Schools and enterprises choose Chromebooks for their very streamlined use case: low cost, fast boot security, simplicity and ease of administration.

Chromebooks just got a little more complicated, but for the better, with Google’s announcement that the Android Play Store will be available on Chromebooks and that Android apps will run on the Chrome operating system. The million Android apps—which include popular apps such as Adobe Photoshop, Microsoft Word and Skype and games such as Clash of Clans and Angry Birds—will remedy the Chromebook’s relative app sparsity.

A developer preview designated M53 will be available in June. A beta version will be available in August, and a production release will be available in September. The developer preview will support Android Marshmallow 6.x, and the beta release will support Android N 7.x

Running apps created for one platform on a different platform naturally draws suspicion because many attempts have failed due to instruction set compatibility, security or poor emulation performance. Merging the Chrome OS and Android teams last October, as well as sharing common operating system elements, should in this case prove successful.

Android is a superset of Linux with additional mobile features and many platform-specific APIs. The Chrome OS is a subset—stripped of everything other than what is needed to manage the underlying hardware and services, such as security, authentication and communications needed by a secure browser.

The Chrome OS has taken advantage of recent work by Docker and other cloud containers to give Chromebooks Android-app compatibility. The full Android framework is implemented in a Linux container that isolates Android from the rest of the Chrome OS and apps in a sandbox.

A hardware abstraction layer (HAL) has been built between Android and the Chrome OS that runs native ARM code on Chromebooks using processors with the ARM instruction set and emulates it on Chromebooks using Intel processors. Over 90 percent of the top 100 Android apps include native ARM object code. App developers often optimize app performance by compiling critical modules into ARM object code because almost all Android mobile devices have ARM instruction set compatible processors.

Security extends beyond container sandboxing with SELinux, the secure version of Linux implemented in Android 4.3 in 2013 and Chrome OS since 2012 or earlier. The Android framework runs in a container that isolates it from other containers and OS modules using Linux functionality called "namespaces." Android is granted only specific privileges to view and interact with Chrome OS hardware resources, such as keyboards, cameras and communications. This isolation prevents potentially harmful code within the Android container from interacting with code outside the Android containers.

Android is instrumented using part of the core Play Services called VerifyApps to recognize potentially harmful app behaviors and in certain situations to shut down and remove a harmful app. Based on Google’s description of the Play Store for Chrome OS, it seems that VerifyApps has been implemented on the Chrome OS to protect it from malicious Android apps.

Administrators will be able to choose to implement Android apps from the Chromebook admin console, and if implemented, specific Android apps can be whitelisted.

Google said it doesn’t have plans to bring this Android compatibility to the Chrome Browser and all the Microsoft, Apple and Linux devices it runs on, but it could be an interesting next step because it would bring Android apps to hundreds of millions or potentially a billion devices.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Steven Max Patterson lives in Boston and San Francisco where he follows and writes about trends in software development platforms, mobile, IoT, wearables and next generation television. His writing is influenced by his 20 years' experience covering or working in the primordial ooze of tech startups.